Activation Key malware morphs its disguise

Graham Cluley

Earlier this week I told you about a widespread spam campaign with a malicious attachment that posed as a message about account activation keys.

I’m afraid that the hackers are still spewing out their attack at a frenzied rate, with many, many instances being seen in our spam traps worldwide. Furthermore, the criminals behind this attempt to infect your PC have adapted their disguise a little.

Here is an example of some of the latest emails we have been seeing:

Dangerous email about activation keys containing malicious attachment

In these latest cases, the subject line is still “The Activation Keys” but the attached file is now called new_activation_keys.zip.

Another version being seen at our global network of spam monitoring stations uses the subject line “Recovery KEYS for your account” with the attached file The_keys.zip.

Dangerous email about recovery keys containing malicious attachment

As before, you should not open these files as they contain a malicious Trojan horse (detected by Sophos as Troj/Agent-IDL or Troj/Invo-Zip).


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on LinkedIn, Bluesky and Mastodon, or drop him an email.
